Confidential information, including details of complaints about ABTA Members, and documentation uploaded to the site in support of ABTA membership have been accessed by hackers, the organisation said. It added that encrypted versions of its passwords used by members and customers of ABTA had also been accessed.
ABTA said that 1,000 of the files hacked may include personal identity information of customers of ABTA members in support of their complaint about an ABTA Member, all of which were uploaded since 11 January 2017, while around 650 may include personal identity information of ABTA members.
The incident took place on 27 February, however the organisation said it had only "recently" become aware of the problem. It said it would today contact those affected and provide them with information and guidance to help keep them safe from identity theft or online fraud. It said the relevant authorities, including the Information Commissioner and the Police, had also been alerted.
ABTA chief executive Mark Tanzer said: "I would personally like to apologise for the anxiety and concern that this incident may cause to any customer of ABTA or ABTA Member who may be affected. It is extremely disappointing that our web server, managed for ABTA through a third party web developer and hosting company, was compromised, and we are taking every step we can to help those affected. I will personally be working with the team to look at what we can learn from this situation."